环境信息】
x86
【测试版本】
Name: hiredis
Version: 1.0.2
【注意事项】
受影响版本排查(受影响/不受影响)
1、master
2、openEuler-20.03-LTS-SP3
3、openEuler-20.03-LTS-SP1
4、openEuler-20.03-LTS-SP2
5、openEuler-20.03-LTS
6、openEuler-21.03
7、openEuler-20.03-LTS-Next
8、openEuler-21.09
9、openEuler-22.03-LTS
10、openEuler-22.03-LTS-Next
11、openEuler-20.09
12、openEuler-22.03-LTS-SP1
13、openEuler-23.03
一、【测试步骤】
1、编译
python3 infra/helper.py build_fuzzers --sanitizer memory hiredis
2、执行
python3 infra/helper.py run_fuzzer hiredis format_command_fuzzer
【报错信息】
Uninitialized bytes in __interceptor_strlen at offset 0 inside [0x7ffc6b0ca370, 1)
==12==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x52fb17 in sdscat /src/hiredis/sds.c:394:28
#1 0x530add in sdscatvprintf /src/hiredis/sds.c:535:9
#2 0x520649 in redisvFormatCommand /src/hiredis/hiredis.c:456:34
#3 0x5228cb in redisFormatCommand /src/hiredis/hiredis.c:554:11
#4 0x51e7d8 in LLVMFuzzerTestOneInput /src/hiredis/format_command_fuzzer.c:51:9
#5 0x4583b1 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#6 0x457af5 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:470:3
#7 0x459bc7 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:698:19
#8 0x45a645 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocatorfuzzer::SizedFile >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:832:5
#9 0x44961e in fuzzer::FuzzerDriver(int*, char***, int ()(unsigned char const, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:826:6
#10 0x471df2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#11 0x7fd27c08a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#12 0x41dd28 in _start (/out/format_command_fuzzer+0x41dd28)
Uninitialized value was created by an allocation of 'staticbuf' in the stack frame of function 'sdscatvprintf'
#0 0x5306d0 in sdscatvprintf /src/hiredis/sds.c:503
SUMMARY: MemorySanitizer: use-of-uninitialized-value /src/hiredis/sds.c:394:28 in sdscat
Exiting
MS: 5 InsertByte-InsertByte-CrossOver-ChangeByte-ChangeBit-; base unit: 84b38958c642458f7cc9f0f099b795e268275028
0x3d,0x2d,0xa,0x2,0x25,0x2e,
=-\x0a\x02%.
artifact_prefix='./'; Test unit written to ./crash-777b8c637ff1536e988f7d11a593d34bfa292cf4
Base64: PS0KAiUu
【预期结果】
运行无异常
【实际结果】
运行出现异常
【复现步骤】
python3 infra/helper.py reproduce hiredis format_command_fuzzer ./crash-777b8c637ff1536e988f7d11a593d34bfa292cf4
!29:[sync] PR-28: 修复fuzz测试中遇到内存未做初始化的错误
请在1.0.2-3版本进行验收
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
登录 后才可以发表评论